Russell Coker wrote: >Your points are reasonable, but you seem to be neglecting the huge advances in >hardware that have been made recently. If you can give a toaster 4M of RAM >and 16M of Flash (which used to be enough for a Linux server and is >considerably smaller than any iPaQ on the market today) then does it matter >if you don't remove some code you don't really need? > >If making the DAC code a module slows down non-LSM servers and takes a lot of >programmer time to implement, is it a useful effort? > >If making DAC a module can result in code improvements in the general case >then it might be good to have. But I really doubt it'll get anywhere. > Linus did not ask us to do anything as radical as moving all the DAC logic to a module. He was very clear & specific about moving the capabilities code to a module, and did not mention the DAC code. We did think about moving the DAC code to a module. There was a LOT of discussion about the "DAC out" design. Ultimately, most people decided against it as too messy for the first try. You (Linda) were not one of them. Tough. If it makes you feel better, "DAC out" is my favorite choice for what to do with LSM in Linux 2.7: the mythical "Step 2". But (as with the first LSM) it critically depends on Linux kernel maintainer buy in. Guess what we'll do before we try that? Get some buy-in from the affected developers. And you know what else? They might say "no." Not much I can do about that. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html Just say ".Nyet"
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 01:33:24 PST